Appl. No.: 09/736,688

Amdt. dated February 27, 2004 

Reply to Office Action of January 2, 2004 



REMARKS/ARGUMENTS 

Receipt of the Office Action dated January 2, 2004 is acknowledged. In 
that Action, the Examiner 1) rejected claims 1-7 as allegedly unpatentable over 
Ford (U.S. Patent No. 5,481,613) in view of Liao (U.S. Patent No. 6,606,663); and 
2) rejected claims 3 and 8 as allegedly unpatentable over Ford and Liao in further 
view of Geer (U.S. Patent No. 6,192,131).

With this response, Applicants present new claims 9-16. Reconsideration 
is respectfully requested. 
I. CLAIM REJECTIONS 

A. Claim 1 

Claim 1 was rejected as allegedly obvious over Ford in view of Liao. 

Applicants respectfully submit that the combination of Ford and Liao does
not teach or fairly suggest all the limitations of claim 1. While Ford may discuss a
key release agent 32, the ACD keys sent to the decrypter 30 are used to decrypt
the ciphertext 2 of an encrypted message.

ACD [Access Control Decryption], on the other hand is a data 
structure which accompanies an encrypted message as it 
traverses a computer network from an encrypting system 
(encryptor) to a decrypting system (decryptor). 

Ford, Col. 6, lines 21-24 (emphasis added). Neither the R key held by the key 
release agent 32, nor the ACD keys generated by the key release agent 32, 
appear to be used to control access to sensitive information in the database. 
Ford Figure 2; Col. 6, lines 62-66. Even if the credential caching proxy of Liao is 
combined with Ford, the combination still fails to teach that any keys held or 
generated by the key release agent 32 should do anything other than decipher 
the ciphertext of an encrypted message that has traversed a computer network. 

Claim 1, by contrast, recites, "a key repository process on the central
server, ... the key repository process further configured to access the
enterprise credentials and to authenticate authorizations to access the
sensitive information in the database ...." The combination of Ford and Liao
does not teach or fairly suggest that the keys held or generated by Ford's key
release agent should do anything other than decrypt an encrypted message that
has traversed a computer network. For this reason alone claim 1 should be 
allowed. 

Claim 1 further recites, "an agent on the remote server, the agent acting on 
behalf of the key repository process of the central server; ... [and] wherein the 
agent authenticates authorizations of specific applications to access 
resources ...." The combination of Ford and Liao does not teach or fairly suggest
the agent acting on behalf of the key repository process. 

Based on the foregoing, Applicants respectfully submit that claim 1, and all
claims which depend from claim 1 (claims 2-6), should be allowed.

B. Claim 3 

Claim 3 was rejected as allegedly obvious over Ford and Liao in further 
view of Geer. 

Applicants respectfully submit that the combination of Ford, Liao and Geer 
does not teach or fairly suggest all the limitations of claim 3. Geer appears to 
teach a conversation log that, when the logged conversation is complete, is 
encrypted using a "new private key." Geer, Col. 11, lines 15-20. Thus, keys held
by the parties are used to open the record of past conversations. Additional keys
may be needed (contrast reconstructing a single master key) to open
sub-conversations of the log. Geer, Col. 11, lines 33-38.

Claim 3, by contrast, requires communication authenticated by a shared 
secret (the shared secret protected by a level of trust), not the log of a past 
communication. Claim 3 further recites, "the level of trust defined as the number 
of individuals required for reconstructing the master key ...." This is in comparison
to Geer, which appears to teach needing multiple keys "to open sub-conversations
of the log." 

Claim 3 is allowable for at least the same reasons as claims 1 and 2 from 
which it depends, as well as for the additional limitations therein. 

C. Claim 4 

Claim 4 was rejected as allegedly obvious over Ford in view of Liao.

Applicants respectfully submit that the combination of Ford and Liao does
not teach or fairly suggest all the limitations of claim 4. Ford appears to teach
only a single key release agent 32. Ford Figure 2; Col. 6, lines 62-66. Even if one
was to (non-textually) duplicate Ford's key release agent 32, Ford fails to teach 
what the relationship should be between the duplicate agents. 

Claim 4, by contrast, recites, "wherein the agent in the remote server is an 
independent key repository process... ." Thus, with the limitations of claim 1 
requiring a key repository process on the central server, two such processes are
claimed, each residing on a different server. The combination of Ford and Liao
does not teach such a system. Claim 4 further recites that the independent key 
repository process has "a level of trust equivalent to that of the key repository 
process in the central server," and the independent key repository process of the 
remote server "authenticates authorizations of specific applications to access 
resources ... on the central server." Even if Ford and Liao taught multiple key
release agents 32 (which Applicants do not admit), the combination of Ford and 
Liao fails to teach the relationship of the independent key repository process to the
central server, and that such a process could or should authenticate 
authorizations to resources on a server different from where it executes. 

Claim 4 is allowable for at least the same reasons as claim 1 from which it
depends, as well as for the additional limitations therein. 

D. Claim 7 

Claim 7 was rejected as allegedly obvious over Ford in view of Liao. 

Applicants respectfully submit that the combination of Ford and Liao does 
not teach or fairly suggest all the limitations of claim 7. While Ford may discuss a 
key release agent 32, the ACD keys sent to the decrypter 30 are used to decrypt
the ciphertext 2 of an encrypted message that has traversed a computer network. 
Ford, Col. 6, lines 21-24. Neither the R key held by the key release agent 32, nor 
the ACD keys generated by the key release agent 32, appear to be used to 
control access to sensitive information in the database. Ford Figure 2; Col. 6, 
lines 62-66. Even if the credential caching proxy of Liao is combined with Ford, 
the combination still fails to teach that any keys held or generated by the key
release agent 32 should do anything other than decipher the encrypted message
that has traversed a computer network. 

By contrast, claim 7 recites, "storing enterprise credentials in a database 
on a central server establishing one or more master keys for managing 
information in the database by a key repository process ...." Even if the
credentials cached by Liao's proxy server are assumed to be the enterprise 
credentials in a database, the combination of Ford and Liao still fails to teach one 
or more master keys for managing the information in the database. The keys 
held or generated by Ford's key release agent appear only to be operable to 
decipher the ciphertext held by the decrypter 30, not as a gatekeeper mechanism 
for access to information in the database. Claim 7 further recites, "establishing 
communications between the key repository process on the central server and an 
agent on the remote server, the agent acting on behalf of the key repository 
process ...." The key repository process is claimed to establish "one or more
master keys for managing information in the database ...." The combination of
Ford and Liao does not teach or fairly suggest the agent acting on behalf of the
key repository process. 

Based on the foregoing, claim 7 should be allowed. 

E. Claim 8 

Claim 8 was rejected as allegedly obvious over Ford and Liao, and further 
in view of Geer.

Ford teaches that the keys held or generated by the key release agent 
may be used to decipher an encrypted message in the possession of the 
decrypter 30, not in the database associated with the key release agent 32. Liao 
teaches a proxy server caching credentials for wireless clients. Even if it is 
assumed that the credentials cached are placed in a database, Ford and Liao
(even in combination with Geer) fail to teach or fairly suggest a cryptographically 
protected database. The cryptographic protection in Ford appears to be 
protection of the ciphertext. Liao does not appear to cryptographically protect the 
wireless clients' cached credentials, and Geer is relied upon only for transmitting
encrypted messages.

By contrast, claim 8 specifically recites, "providing a computer system
having at least one server and a cryptographically protected database." Ford
and Liao, in view of Geer, do not teach or fairly suggest such a limitation. Claim 8
further recites, "conducting, by the application process, a query of the key
repository process for sensitive information ...." The Office Action dated
January 2, 2004 does not make clear which systems of the cited references
would be the application process making a "query of the key repository process
for sensitive information," and thus fails to make a prima facie case.

Based on the foregoing, Applicants respectfully submit that claim 8 should 
be allowed. 

II. NEW CLAIMS 

With this Response, Applicants present new claims 9 and 10. These
claims find support in claims 1 and 4. No new matter is presented by these
claims.

III. CONCLUSION 

Applicants respectfully request reconsideration and allowance of the
pending claims. If the Examiner feels that a telephone conference would
expedite the resolution of this case, he is respectfully requested to contact the
undersigned.

In the course of the foregoing discussions, Applicants may have at times 
referred to claim limitations in shorthand fashion, or may have focused on a 
particular claim element. This discussion should not be interpreted to mean that
the other limitations can be ignored or dismissed. The claims must be viewed as 
a whole, and each limitation of the claims must be considered when determining 
the patentability of the claims. Moreover, it should be understood that there may 
be other distinctions between the claims and the prior art which have yet to be 
raised, but which may be raised in the future. 

Applicants respectfully request that a timely Notice of Allowance be issued 
in this case. If any fees or time extensions are inadvertently omitted or if any fees 
have been overpaid, please appropriately charge or credit those fees to
Hewlett-Packard Company Deposit Account Number 08-2025 and enter any time
extension(s) necessary to prevent this case from being abandoned.

Respectfully submitted,




HEWLETT-PACKARD COMPANY 

Intellectual Property Administration 

Legal Dept., M/S 36 

P.O. Box 272400 

Fort Collins, CO 80527-2400 



Mark E. Scott
PTO Reg. No. 43,100
CONLEY ROSE, P.C. 
(713) 238-8000 (Phone) 
(713) 238-8008 (Fax) 
ATTORNEY FOR APPLICANTS 